I guess I will join clug-tech. In the meantime, is your VPN IP the same
as your LAN IP (i.e. is the IP you get from the VPN server on the same
subnet as the IP you get when directly connected at home)?


Jon wrote:
> Hey Robert,
> 
> Thanks for your help. I've posted a reply to this in clug-tech. I don't
> want Dave freaking out on me for posting a billion line long server.conf
> in here :)
> 
> Thanks!
> 
> J
> 
> Robert Toole wrote:
>> Jon, Please post your OpenVPN server config file...
> 
>> Also check that you are enabling IP forwarding in the kernel on your
>> server. As OpenVPN runs in userspace, it does not route; you need the
>> kernel to do that.
> 
>> On Red Hat-based distros, edit /etc/sysctl.conf:
> 
>> remove: net.ipv4.ip_forward = 0
>> add: net.ipv4.ip_forward = 1
> 
>> This only takes effect on reboot. To enable it without rebooting the
>> server:
> 
>> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
>> then we'll take a look at your server config file (edit out the secret
>> bits) and see what we see.
> 
>> Thanks,
> 
>> On Wed, 2006-29-11 at 22:46 -0700, Jon wrote:
>> You could be right, but there's nothing in the docs about that. It seems
>> like the OpenVPN server is supposed to do its own routing based on the
>> settings I've listed off in clug-tech.
> 
>> J
> 
>> Jamie Furtner wrote:
>>>>> You probably need to set up your server to masquerade the traffic coming 
>>>>> through your VPN network. By default, your machine should not know how 
>>>>> to deal with these packets as they're from an unknown network.
>>>>>
>>>>> Something like (from memory)
>>>>> iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0 -s 192.168.0.0/24
>>>>> should do it - change the eth0 and 192.168.0.0/24 for your 
>>>>> internet-facing adapter and your VPN network, respectively.
>>>>>
>>>>> Jamie
>>>>>
>>>>>
>>>>> Jon wrote:
>>>>> Hmm...nope. Can't get it. I've tried everything on the OpenVPN mailing
>>>>> list. I'm going to move this to Clug-Tech even though it doesn't appear
>>>>> to me that anyone watches that group.
>>>>>
>>>>> J
>>>>>
>>>>> Jon wrote:
>>>>>   
>>>>>>>> Good lord that was easy. Well, kind of - I'm getting MULTI: bad source
>>>>>>>> address from client [192.168.0.103], packet dropped from the server now,
>>>>>>>> but I'll sort that out. At least the traffic is going to the OpenVPN
>>>>>>>> server.
>>>>>>>>
>>>>>>>> Very cool, thanks.
>>>>>>>>
>>>>>>>> J
>>>>>>>>
>>>>>>>> Robert Toole wrote:
>>>>>>>>     
>>>>>>>>>> You need to uncomment the following line in the OpenVPN server config
>>>>>>>>>> file:
>>>>>>>>>>
>>>>>>>>>> push "redirect-gateway"
>>>>>>>>>>
>>>>>>>>>> See the comments in the sample config file from the OpenVPN package for
>>>>>>>>>> a detailed explanation.
>>>>>>>>>>
>>>>>>>>>> Hope that helps.
>>>>>>>>>>
>>>>>>>>>> Robert Toole
>>>>>>>>>> [EMAIL PROTECTED]
>>>>>>>>>>
>>>>>>>>>> Jon wrote:
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I think I'm about 3 seconds away from understanding how to do this, but
>>>>>>>>>> it's a looong three seconds.
>>>>>>>>>>
>>>>>>>>>> I've set up an OpenVPN server and can successfully connect to it from my
>>>>>>>>>> laptop using OpenVPN in client mode. All is good, but I'm not quite
>>>>>>>>>> able to make the leap to what I really want to happen.
>>>>>>>>>>
>>>>>>>>>> I want to experiment using this VPN in public hotspots to secure my
>>>>>>>>>> traffic. In short, I want all my traffic to go from my wifi card to my
>>>>>>>>>> OpenVPN server and THEN out into the Internet. At the moment, even when
>>>>>>>>>> connected to the VPN, a quick visit to What's my IP shows my home WAN IP
>>>>>>>>>> so I know I'm not coming out of my VPN server.
>>>>>>>>>>
>>>>>>>>>> I'm thinking I need to be looking at routing or tunneling or something.
>>>>>>>>>> I'm familiar with using VPNs to access server shares, mail servers, and
>>>>>>>>>> the like, but not how to tell my NIC to exclusively send traffic to it
>>>>>>>>>> instead of out to the Internet at large.
>>>>>>>>>>
>>>>>>>>>> Does that even make sense? Sheesh...nudges welcome. Oh, and since this
>>>>>>>>>> is a Talk list - I'm totally up for hearing about cool things one can do
>>>>>>>>>> with a VPN.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> J
>>>>>>>>>>         
>>>>>>>> _______________________________________________
>>>>>>>> clug-talk mailing list
>>>>>>>> [email protected]
>>>>>>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>>>>>>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>>>>>>>> **Please remove these lines when replying
>>>>>>>>     
>>>>>>>> --
>>>>>>>> Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E
>>>>>>>> http://www.jonwatson.ca
>>>>>>>> +1.403.875.6048
>>>>>>>>     

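The thread names three server-side pieces for routing all client traffic through the VPN: kernel IP forwarding, an uncommented `push "redirect-gateway"`, and a MASQUERADE rule for the VPN subnet. The script below is an added example, not code from any poster in this thread, that audits saved copies of that state; the function names, the `10.8.0.0/24` VPN subnet, the `eth0` interface and the sample file contents are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the three server-side settings discussed in this thread.
# Every check reads a file, so it works on saved copies as well as live paths.

# Kernel forwarding: file holds the content of /proc/sys/net/ipv4/ip_forward.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# server.conf has an uncommented push "redirect-gateway" (flags allowed).
pushes_redirect_gateway() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway([[:space:]][^"]*)?"' "$1"
}

# iptables-save output has a MASQUERADE rule for the VPN subnet on the WAN side.
masquerades_vpn_subnet() {    # args: rules-file vpn-subnet wan-interface
    grep -E '^-A POSTROUTING ' "$1" | grep -F -- "-s $2 " |
        grep -F -- "-o $3 " | grep -Fq -- '-j MASQUERADE'
}

# Print the missing pieces (empty when complete); non-zero status if any.
audit_gateway() {    # args: ip_forward-file server.conf rules-file subnet iface
    local missing=""
    forwarding_enabled "$1"               || missing="$missing ip_forward"
    pushes_redirect_gateway "$2"          || missing="$missing redirect-gateway"
    masquerades_vpn_subnet "$3" "$4" "$5" || missing="$missing masquerade"
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample state: forwarding off, push commented out, no NAT rule.
demo=$(mktemp -d)
echo 0 > "$demo/ip_forward"
printf '%s\n' 'port 1194' 'server 10.8.0.0 255.255.255.0' \
    ';push "redirect-gateway"' > "$demo/server.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' > "$demo/rules"
echo "before: $(audit_gateway "$demo/ip_forward" "$demo/server.conf" "$demo/rules" 10.8.0.0/24 eth0)"

# The same state after applying the three changes suggested in the thread.
echo 1 > "$demo/ip_forward"
printf '%s\n' 'port 1194' 'server 10.8.0.0 255.255.255.0' \
    'push "redirect-gateway"' > "$demo/server.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$demo/rules"
echo "after: $(audit_gateway "$demo/ip_forward" "$demo/server.conf" "$demo/rules" 10.8.0.0/24 eth0)"
rm -rf "$demo"
```

On a live server the three inputs would be `/proc/sys/net/ipv4/ip_forward`, the OpenVPN server config file, and a file holding the output of `iptables-save -t nat`.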